
25 matches found

Nuclei
added 2026/02/04 7:0 a.m., 89 views

VICIdial Sensitive Information Disclosure

VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents,...

6.6 AI score
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-41332

Malicious code in bioql PyPI...

7.5 CVSS, 7.6 AI score, 0.00785 EPSS
Exploits 0, References 2
RedhatCVE
added 2025/05/22 4:54 p.m., 9 views

CVE-2020-9500

Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down...

4.9 CVSS, 6.8 AI score, 0.01049 EPSS
Exploits 0, References 1
Github Security Blog
added 2023/11/23 12:28 a.m., 28 views

Insertion of Sensitive Information into Log

Impact If successful login attempts are recorded, the raw tokens are stored in the log table. If a malicious person somehow views the data in the log table, he or she can obtain a raw token, which can then be used to send a request with that user's authority. When you 1 use the following...

6.5 CVSS, 6.8 AI score, 0.0063 EPSS
Exploits 0, References 5, Affected Software 1
CNNVD
added 2023/11/10 12:0 a.m., 4 views

Symfony Security Vulnerabilities

Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. A security vulnerability exists in Symfony that stems from a user identifier not changing between the authentication phase and a successful login...

6.5 CVSS, 7.2 AI score, 0.00689 EPSS
Exploits 0, References 4
CNVD
added 2023/02/28 12:0 a.m., 31 views

Login Bypass Vulnerability in Nacos

Nacos is an open source project, maintained and contributed code by the community. Nacos suffers from a login bypass vulnerability that can be exploited by an attacker to copy successful login packets and log in other users...

7.2 AI score
Exploits 0
Cvelist
added 2022/09/13 10:12 p.m., 18 views

CVE-2022-38769

The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to fetch cleartext passwords upon a successful login request...

7.7 AI score, 0.00785 EPSS
Exploits 0, References 2
Huntr
added 2022/07/11 3:37 p.m., 194 views

Open redirect when login successfully

Description Open redirect when login successfully via next parameter Proof of Concept POST /login?next=https://www.google.com/open-redirect HTTP/2 Host: book.dansmonorage.blue Cookie: csrftoken=EUjtgvt3A20lSHYbTxBvfAxQi5gNHHzeI7Bda1HOGnWCioMA6cwQqYWXv8ONog4k User-Agent: Mozilla/5.0 Windows NT 10....

1.9 AI score
Exploits 0, References 1
Huntr
added 2022/05/23 11:25 a.m., 18 views

Improper Restriction of Excessive Authentication Attempts in login feature

Description No rate-limiting leads to bruteforce attack in login feature Steps to reproduce 1.Go to https://www.rosariosis.org/demonstration/ 2.Login with any username and password 3.Using Burp and send login POST request to Intruder 4.Create 30 null payloads and start attack 5.Login with correct...

0.2 AI score
Exploits 0
Github Security Blog
added 2022/05/14 3:18 a.m., 26 views

Jenkins Google Login Plugin Open Redirect vulnerability

An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. Google Login Plugin 1.3.1 only performs redirects to relative URLs...

6.1 CVSS, 4.5 AI score, 0.01003 EPSS
Exploits 0, References 4, Affected Software 1
Github Security Blog
added 2022/05/14 3:5 a.m., 23 views

Cloud Foundry UAA open redirect

Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open...

6.1 CVSS, 7.2 AI score, 0.0085 EPSS
Exploits 0, References 11, Affected Software 1
Cvelist
added 2021/05/26 6:46 p.m., 27 views

CVE-2018-16495

In VOS user session identifier authentication token is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap...

8.8 AI score, 0.00911 EPSS
Exploits 0, References 1
NVD
added 2021/03/29 4:15 p.m., 10 views

CVE-2021-27352

An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login...

5.4 CVSS, 0.00832 EPSS
Exploits 1, References 3
Prion
added 2021/03/29 4:15 p.m., 14 views

Open redirect

An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login...

4.9 CVSS, 5.4 AI score, 0.00832 EPSS
Exploits 1, References 3, Affected Software 1
Cvelist
added 2021/03/29 3:28 p.m., 16 views

CVE-2021-27352

An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login...

5.6 AI score, 0.00832 EPSS
Exploits 1, References 3
Exploit DB
added 2019/12/04 12:0 a.m., 428 views

SSDWLAB 6.1 - Authentication Bypass

Exploit Title: SSDWLAB 6.1 - Authentication Bypass Date: 2019-10-01 Exploit Author: Luis Buendía exoticpayloads Vendor Homepage: http://www.sbpsoftware.com/ Version: 6.1 Tested on: IIS 7.5 CVE : Pending Description: By injection on the SOAP function in the EditUserPassword function, it is possibl...

0.7 AI score
Exploits 0
Packet Storm
added 2019/12/04 12:0 a.m., 229 views

SSDWLAB 6.1 Authentication Bypass

Exploit Title: SSDWLAB 6.1 - Authentication Bypass Date: 2019-10-01 Exploit Author: Luis Buendía exoticpayloads Vendor Homepage: http://www.sbpsoftware.com/ Version: 6.1 Tested on: IIS 7.5 CVE : Pending Description: By injection on the SOAP function in the EditUserPassword function, it is possibl...

0.7 AI score
Exploits 0
Metasploit
added 2019/02/14 8:35 a.m., 73 views

Fortinet SSL VPN Bruteforce Login Utility

This module scans for Fortinet SSL VPN web login portals and performs login brute force to identify valid credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet SSL VPN Bruteforc...

7.3 AI score
Exploits 0
NVD
added 2018/05/08 3:29 p.m., 19 views

CVE-2018-1000174

An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login...

6.1 CVSS, 6.2 AI score, 0.01003 EPSS
Exploits 0, References 2
Prion
added 2018/05/08 3:29 p.m., 18 views

Open redirect

An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login...

5.8 CVSS, 6.2 AI score, 0.01003 EPSS
Exploits 0, References 2, Affected Software 1